Governance Policies for Strategic Management of Data

October 31, 2019|4:25 p.m.| ASTHO Staff

The amount of data available to public health leaders continues to increase at a rapid pace further emphasizing the need for reliable and secure data management. State and territorial health agencies (S/THAs) receive massive amounts of disparate data from various sources and must find ways to manage, store, analyze, and use this information. Agencies typically house and maintain hundreds of data surveillance systems, each with its own purpose for monitoring disease outbreaks or trends and requiring subject matter expertise and funding resources to maintain.

Given the breadth of data stored at agencies it is critical for them to have a plan, known as data governance, for the overall security and management of data. "Data governance" is the overall strategic management of data availability, usability, integrity, and security in an enterprise or organization. A sound data governance system includes a defined set of governing policies, procedures, and resources, as established by a governing body or council. The role of the governing body is to develop a data strategy for defining priorities and resource allocation, and to implement policies, common processes, and procedures to improve data management and use. The governing body also identifies objectives for data use and establishes data responsibilities within and across the organization.

Fortunately, data breaches in public health are extremely rare, largely due to policies passed through legislation or regulation that safeguard collection, storage, and sharing of public health data. State and territorial public health officials have an important role to play in the oversight and security of a plethora of data through data governance.

The Virginia Department of Health established a data governance program in 2018 as a result of legislation creating a chief data officer position. This position, along with the data governance program manager, oversees the data governance program and provides expertise on building infrastructure and data governance for the entire health agency. Through this program, the health department was able to enact agency-wide policies that established a framework for the data governance program and procedures for secure data transfer. Some of the policies in practice include those that were used for setting the general framework for the overall program as well as the procedures for secure data transfer. There are also policies that are currently in development around data security, access, suppression, and stewardship.  

In March of 2019, Arkansas enacted Senate Bill 656 to create a data-sharing and data-driven decision-making task force. The data governance structure will consist of 12 members, equally divided among members of the state senate and the house of representatives. The goal of the task force is to examine existing data sharing channels and procedures and provide recommendations for establishing an efficient system of data sharing that prevents duplicate efforts.

In 2015, Texas approved House Bill 1912 to authorize employment of a statewide data coordinator by the Texas Department of Information Resources. The coordinator oversees data governance strategies for improving the control and security of information of data and promoting inter-agency sharing of information. Additionally, the state is currently exploring options for creating an internal data governance strategy.

In this current legislative session, Massachusetts is considering House Bill 2746, which would establish a Commonwealth Analytic Center for Excellence within the office of information technology. This center would be tasked with coordinating ongoing data-sharing and integration efforts in the state. Ultimately, the goal is to generate greater efficiencies within state agencies and departments for both service delivery and policymaking.